## https://sploitus.com/exploit?id=404F4C76-2BDC-55A7-B4CC-6F3482077AF1
# poc-csharp-aspnetcore

A sample **ASP.NET Core (C#)** application used as a target for evaluating security scanning tools (SAST, SCA/SBOM, and secrets scanning).

> โš ๏ธ **Intentionally insecure โ€” do not deploy this to any real, shared, or internet-facing environment.** It exists only to exercise security scanners in a controlled proof of concept.

## What it's for
Point your scanner(s) at the repository root and compare what they report. It's a static target: you do **not** need the app running to scan source code, dependencies, or secrets.

## Prerequisites
- .NET SDK 8.x
- Git
- Your security scanner(s) of choice

## Set up (restore dependencies)

**Linux / macOS**
```bash
git clone <repository-url>
cd poc-csharp-aspnetcore
dotnet restore
```

**Windows (PowerShell)**
```powershell
git clone <repository-url>
cd poc-csharp-aspnetcore
dotnet restore
```

## (Optional) build / run

**Linux / macOS**
```bash
dotnet build
```

**Windows (PowerShell)**
```powershell
dotnet build
```

## Scanning this repo
- **SAST:** run your static analyzer against the repository root.
- **SCA / SBOM:** scan the dependency manifest(s): `*.csproj`, `Directory.Build.props`, `global.json`, `sbom/`.
- **Secrets:** run your secrets scanner over the whole tree — secret-bearing files are committed on purpose so the scanner has something to find.
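
When comparing SCA / SBOM scanners, it helps to check which of the manifests named in the list above each tool actually analyzed. The script below is an added example, not part of this project: it inventories those files and prints any that are missing from a scanner's analyzed-file list. The function names, the one-path-per-line list format, and the sample tree built in `demo` are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not part of the project): SCA/SBOM manifest coverage check.

# list_manifests ROOT: print repo-relative paths of dependency manifests.
list_manifests() (
  cd "${1:-.}" || exit 1
  {
    # Name patterns from the "Scanning this repo" list; skip build output.
    find . \( -name bin -o -name obj -o -name .git \) -prune -o \
      -type f \( -name '*.csproj' -o -name 'Directory.Build.props' \
                 -o -name 'global.json' \) -print
    # Every file under sbom/ counts as SBOM input.
    if [ -d sbom ]; then find sbom -type f -print; fi
  } | sed 's|^\./||' | LC_ALL=C sort -u
)

# missed_manifests ROOT SCANNED: manifests missing from the scanner's list.
# SCANNED is an assumed export: one analyzed path per line, relative to ROOT.
missed_manifests() (
  norm=$(mktemp) || exit 1
  # Normalise CRLF line endings, Windows separators and a leading "./".
  tr -d '\r' < "$2" | tr '\\' '/' | sed 's|^\./||' > "$norm"
  # grep exits 1 when nothing is missed; that is not an error here.
  list_manifests "$1" | grep -Fxv -f "$norm" || true
  rm -f "$norm"
)

# Constructed sample tree and scanner list (not the real repository layout).
demo() (
  root=$(mktemp -d) || exit 1
  mkdir -p "$root/src/App/obj" "$root/sbom"
  : > "$root/src/App/App.csproj"
  : > "$root/src/App/obj/App.csproj"   # stand-in for build output, ignored
  : > "$root/Directory.Build.props"
  : > "$root/global.json"
  : > "$root/sbom/bom.json"
  # Constructed scanner export with Windows-style paths and CRLF endings.
  printf '%s\r\n' '.\src\App\App.csproj' 'global.json' > "$root.scanned"
  missed_manifests "$root" "$root.scanned"
  rm -rf "$root" "$root.scanned"
)
```

Calling `demo` prints the two manifests the constructed scanner list omits; an empty result from `missed_manifests` means every manifest was covered.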